
Additional info

Certificate templates

Additional info for certificate templates is only required when you are going to enroll web server certificates.

To add or update this information from the GUI, go to Admin > Certificate templates > (Web server) > Additional info.

Example of Additional info for Certificate templates
<?xml version="1.0" encoding="utf-8"?>
<!-- Example Additional info for a web server certificate template: task type 300
     (EnrollServer) made up of two actions, an input/enroll action followed by a
     download action. -->
<TaskType Id="300" Name="EnrollServer">
  <Task>
    <ActionList>
      <!-- Action 1: input form (Type 100, InputGeneric) whose execute step is
           303 EnrollServer. RequireSignature is true for this action. -->
      <ActionObj>
        <GroupId/>
        <UserId/>
        <DateTime/>
        <Signature/>
        <RequireSignature>true</RequireSignature>
        <Type>
          <Id>100</Id>
          <Name>InputGeneric</Name>
        </Type>
        <Server>
          <PrepareList/>
          <ExecuteList>
            <ExecuteObj>
              <Id>303</Id>
              <Name>EnrollServer</Name>
            </ExecuteObj>
          </ExecuteList>
        </Server>
        <Info>
          <InputFieldList>
            <!-- Subject fields. SubjectCommonName is the only field in this action
                 that carries the Required policy. -->
            <InputFieldObj>
              <Id>SubjectCommonName</Id>
              <Name>SubjectCommonName</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value></Value>
              <ValueList/>
              <Policy>json:{"Required":{}}</Policy>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectOrganizationUnitNames</Id>
              <Name>SubjectOrganizationUnitNames</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value></Value>
              <ValueList/>
              <Policy/>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectOrganizationName</Id>
              <Name>SubjectOrganizationName</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value></Value>
              <ValueList/>
              <Policy/>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectStreetAddress</Id>
              <Name>SubjectStreetAddress</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value></Value>
              <ValueList/>
              <Policy/>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectPostalCode</Id>
              <Name>SubjectPostalCode</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value></Value>
              <ValueList/>
              <Policy/>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectLocality</Id>
              <Name>SubjectLocality</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value></Value>
              <ValueList/>
              <Policy/>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <!-- SubjectCountry (SE) and, further down, SubjectBusinessCategory
                 (Government Entity) are the two fields in this action with a preset
                 Value and ReadOnly set to true. Presumably the requester cannot
                 change a read-only field; confirm against the product. -->
            <InputFieldObj>
              <Id>SubjectCountry</Id>
              <Name>SubjectCountry</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value>SE</Value>
              <ValueList/>
              <Policy/>
              <ReadOnly>true</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectEmail</Id>
              <Name>SubjectEmail</Name>
              <Type>Email</Type>
              <Help></Help>
              <Value></Value>
              <ValueList/>
              <Policy>json:{"Email":{}}</Policy>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectSerialNumber</Id>
              <Name>SubjectSerialNumber</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value></Value>
              <ValueList/>
              <Policy/>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectBusinessCategory</Id>
              <Name>SubjectBusinessCategory</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value>Government Entity</Value>
              <ValueList/>
              <Policy/>
              <ReadOnly>true</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectJurisdictionLocality</Id>
              <Name>SubjectJurisdictionLocality</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value/>
              <ValueList/>
              <Policy/>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectJurisdictionState</Id>
              <Name>SubjectJurisdictionState</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value/>
              <ValueList/>
              <Policy/>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectJurisdictionCountry</Id>
              <Name>SubjectJurisdictionCountry</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value/>
              <ValueList/>
              <Policy/>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <!-- Subject alternative name fields. Only the UPN and RFC 822 fields
                 carry a policy (Email); the DNS, directory, URL, IP, GUID and OID
                 fields have an empty Policy in this example, so nothing in this
                 template constrains what is entered there.
                 NOTE(review): for a web server certificate these names decide
                 which hosts the certificate is valid for. Confirm that they are
                 checked when the request is approved, or add a validation policy
                 if the product provides one. -->
            <InputFieldObj>
              <Id>SubjectAltNameUpn</Id>
              <Name>SubjectAltNameUpn</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value/>
              <ValueList/>
              <Policy>json:{"Email":{}}</Policy>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectAltNameRfc822</Id>
              <Name>SubjectAltNameRfc822</Name>
              <Type>Email</Type>
              <Help></Help>
              <Value/>
              <ValueList/>
              <Policy>json:{"Email":{}}</Policy>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectAltNameDns</Id>
              <Name>SubjectAltNameDns</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value/>
              <ValueList/>
              <Policy/>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectAltNameDirectory</Id>
              <Name>SubjectAltNameDirectory</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value/>
              <ValueList/>
              <Policy/>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectAltNameUrl</Id>
              <Name>SubjectAltNameUrl</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value/>
              <ValueList/>
              <Policy/>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectAltNameIp</Id>
              <Name>SubjectAltNameIp</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value/>
              <ValueList/>
              <Policy/>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectAltNameGuid</Id>
              <Name>SubjectAltNameGuid</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value/>
              <ValueList/>
              <Policy/>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>SubjectAltNameOid</Id>
              <Name>SubjectAltNameOid</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value/>
              <ValueList/>
              <Policy/>
              <ReadOnly>false</ReadOnly>
            </InputFieldObj>
          </InputFieldList>
          <!-- CertificateTemplateId is left empty in this example.
               NOTE(review): presumably filled in with the id of the certificate
               template this info belongs to; confirm. -->
          <ParameterList>
            <ParameterObj>
              <Id>CertificateTemplateId</Id>
              <Value></Value>
            </ParameterObj>
          </ParameterList>
        </Info>
      </ActionObj>
      <!-- Action 2: download (Type 4, Download) with prepare step 60
           InitializeDownload of type IssuedPkcs12. PKCS#12 is a format that
           normally carries the private key together with the certificate, and
           DataPassword (Type Password) is presumably the password protecting the
           file; confirm.
           NOTE(review): RequireSignature is false here, unlike the enrollment
           action above. Confirm that this is intended for the step that hands
           out the key material. -->
      <ActionObj>
        <GroupId/>
        <UserId/>
        <DateTime/>
        <Signature/>
        <RequireSignature>false</RequireSignature>
        <Type>
          <Id>4</Id>
          <Name>Download</Name>
        </Type>
        <Server>
          <PrepareList>
            <PrepareObj>
              <Id>60</Id>
              <Name>InitializeDownload</Name>
            <Type>IssuedPkcs12</Type>
            </PrepareObj>
              </PrepareList>
              <ExecuteList/>
        </Server>
        <Info>
          <!-- All three download fields are Required and ReadOnly. -->
          <InputFieldList>
            <InputFieldObj>
              <Id>DataType</Id>
              <Name>DataType</Name>
              <Type>Text</Type>
              <Help></Help>
              <Value/>
              <ValueList/>
              <Policy>json:{"Required":{}}</Policy>
              <ReadOnly>true</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>DataPassword</Id>
              <Name>DataPassword</Name>
              <Type>Password</Type>
              <Help/>
              <Value/>
              <Policy>json:{"Required":{}}</Policy>
              <ReadOnly>true</ReadOnly>
            </InputFieldObj>
            <InputFieldObj>
              <Id>DataValue</Id>
              <Name>DataValue</Name>
              <Type>Textarea</Type>
              <Help/>
              <Value/>
              <Policy>json:{"Required":{}}</Policy>
              <ReadOnly>true</ReadOnly>
            </InputFieldObj>
          </InputFieldList>
        </Info>
      </ActionObj>
    </ActionList>
  </Task>
</TaskType>

Organization

To add or update this information from the GUI, go to Admin > Organization > (Select organization) > Additional info.

Example of Additional info for Organization
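<?xml version="1.0" encoding="utf-8"?>
<!-- Example Additional info for an organization. Values in braces such as
     {internal.user.displayname} are placeholders used in the message texts. -->
<Organization>
  <Image>
    <Id></Id>
  </Image>
  <!-- Approval messages for server certificate requests. MessageType is SMTP;
       the subject and message texts are Swedish sample strings. -->
  <ServerCertificate>
    <Approval>
      <MessageType>SMTP</MessageType>
      <MessageSubject>Servercertifikat</MessageSubject>
      <RequestMessage>Handläggare {internal.user.displayname} har begärt ett servercertifikat.</RequestMessage>
      <ApprovalMessage>Din begäran om servercertifikat med namn {internal.task.subjectcommonname} har godkänts för vidare behandling.</ApprovalMessage>
      <DenialMessage>Din begäran om servercertifikat med namn {internal.task.subjectcommonname} har avslagits med följande anledning: {internal.task.message}.</DenialMessage>
    </Approval>
  </ServerCertificate>
  <User>
    <Image>
      <Validity>
        <Years>5</Years>
      </Validity>
    </Image>
    <SequenceNumberPrefix>15</SequenceNumberPrefix>
    <Tokens>
      <SmartCardStd>10</SmartCardStd>
      <SmartCardLtd>10</SmartCardLtd>
      <SmartCardStdExt>10</SmartCardStdExt>
      <SmartCardLtdExt>10</SmartCardLtdExt>
      <SoftTokenStd>10</SoftTokenStd>
      <SoftTokenLtd>10</SoftTokenLtd>
      <PhoneStd>10</PhoneStd>
      <PhoneLtd>10</PhoneLtd>
      <TabletStd>10</TabletStd>
      <TabletLtd>10</TabletLtd>
      <IPTStd>10</IPTStd>
      <IPTLtd>10</IPTLtd>
    </Tokens>
    <UniqueName>
      <Syntax>{internal.user.serialNumber}@{internal.organization.domainsuffix}</Syntax>
      <IsGlobal>false</IsGlobal>
    </UniqueName>
    <DefaultGroups>2</DefaultGroups>
    <!-- Search conditions, each a Key / Operator / Value triple joined by Separator.
         DIRECTIVE is presumably replaced with the search text that was entered,
         and % in the LIKE conditions elsewhere in this document presumably acts
         as a wildcard; confirm against the product. -->
    <Search>
      <Condition>
        <Key>usr_snr</Key>
        <Operator>=</Operator>
        <Value>DIRECTIVE</Value>
        <Separator>OR</Separator>
      </Condition>
      <Condition>
        <Key>usr_uniq_name</Key>
        <Operator>=</Operator>
        <Value>DIRECTIVE</Value>
        <Separator>OR</Separator>
      </Condition>
      <Condition>
        <Key>adnl_ids.adnl_id_value</Key>
        <Operator>DYNAMICLIKE</Operator>
        <Value>DIRECTIVE</Value>
        <Separator>OR</Separator>
      </Condition>
    </Search>
    <Flags>
      <Flag Id="0x1" Name="Secrecy">
        <Enabled>true</Enabled>
      </Flag>
    </Flags>
  </User>
  <Token>
    <!-- Receipt settings: label texts for the receipt and its output format (PDF).
         NOTE(review): Enabled is written "False" here while the other booleans
         in this document are lowercase; confirm the product accepts both. -->
    <Receipt>
      <Enabled>False</Enabled>
      <Content>
        <Headline>Receipt of token</Headline>
        <ContentType>Enrolled token</ContentType>
        <Token>Token</Token>
        <TokenType>Type:</TokenType>
        <TokenTemplate>TokenTemplate:</TokenTemplate>
        <TokenSerialNumber>SerialNumber:</TokenSerialNumber>
        <TokenValidity>Validity:</TokenValidity>
        <Officer>Officer</Officer>
        <OfficerName>Name:</OfficerName>
        <OfficerSignature>Officer signature:</OfficerSignature>
        <User>User</User>
        <UserName>Name:</UserName>
        <UserSerialNumber>SerialNumber:</UserSerialNumber>
        <UserSignature>User signature:</UserSignature>
        <ReceiptUser>Receipt of user:</ReceiptUser>
        <Returned>Returned</Returned>
        <Date>Date:</Date>
        <Time>Time:</Time>
      </Content>
      <Format>PDF</Format>
    </Receipt>
    <Search>
      <Condition>
        <Key>tkn_snr</Key>
        <Operator>LIKE</Operator>
        <Value>DIRECTIVE%</Value>
        <Separator>OR</Separator>
      </Condition>
      <Condition>
        <Key>tkn_seqnr1</Key>
        <Operator>LIKE</Operator>
        <Value>DIRECTIVE%</Value>
        <Separator>OR</Separator>
      </Condition>
      <Condition>
        <Key>tkn_seqnr2</Key>
        <Operator>LIKE</Operator>
        <Value>DIRECTIVE%</Value>
        <Separator />
      </Condition>
    </Search>
  </Token>
  <Task>
    <!-- The callout marker is kept inside a comment so that it does not become
         text content of CounterLimit.
         NOTE(review): Id 300 is named CreateServer here but EnrollServer in the
         certificate template example on this page; confirm which name applies. -->
    <CounterLimit> <!-- (1) upper limit on the number of active tasks, per task type -->
      <TaskType Id="100" Name="CreateUser">2</TaskType>
      <TaskType Id="300" Name="CreateServer">1</TaskType>
    </CounterLimit>
    <Validity>
      <Days>7</Days>
    </Validity>
    <InProgressValidity>
      <Days>1</Days>
    </InProgressValidity>
    <LockOnCreate>true</LockOnCreate>
    <!-- Per task type Self / Officer switches.
         NOTE(review): these presumably decide whether the user themselves and/or
         an officer may run the task type; confirm before changing them, since
         they cover tasks such as GenerateOneTimePassword and self-enrollment. -->
    <Rules>
      <TaskType Id="101" Name="UpdateUser">
        <Self>false</Self>
        <Officer>true</Officer>
      </TaskType>
      <TaskType Id="122" Name="EnrollUserPhoneStd">
        <Self>true</Self>
        <Officer>false</Officer>
      </TaskType>
      <TaskType Id="106" Name="GenerateOneTimePassword">
        <Self>true</Self>
        <Officer>true</Officer>
      </TaskType>
      <TaskType Id="115" Name="EnrollUserAdditionalSelf">
        <Self>true</Self>
        <Officer>true</Officer>
      </TaskType>
    </Rules>
  </Task>
  <Theme>
    <Style />
  </Theme>
  <ActiveUsers>
    <IdleExpiration>
      <Minutes>10</Minutes>
    </IdleExpiration>
  </ActiveUsers>
  <!-- One-time password settings: validity plus the message templates per
       delivery type. {internal.protected.otp} is the placeholder for the code.
       NOTE(review): the example keeps a one-time password valid for 3 days.
       Because the code travels inside an SMS or e-mail message, choose the
       shortest validity your delivery process allows. -->
  <OneTimePassword>
    <Validity>
      <Days>3</Days>
    </Validity>
    <Default>
      <!-- A literal & in XML text must be written as &amp; or the document is
           not well-formed.
           NOTE(review): API_URK looks like a typo for the API_URL placeholder
           used in the SMS message below; confirm. -->
      <Message>netid://?server=API_URK&amp;code={internal.protected.otp}</Message>
    </Default>
    <SMTP>
      <Message>This is the Message tag in the xml</Message>
      <Verify></Verify>
    </SMTP>
    <SMS>
      <Message>netid://?server=https://API_URL/&amp;code={internal.protected.otp}</Message>
      <Verify>Your verification code is: {internal.protected.otp}</Verify>
    </SMS>
  </OneTimePassword>
  <!-- User notifications: certificate expiration messages for client and server
       certificates, and a default update message. -->
  <NotifyUser>
    <CertificateExpiration>
      <Client>
        <TimeSpan>
          <Days>0</Days>
        </TimeSpan>
        <Message>Your certificate named "{internal.certificate.subject}" will be expired "{internal.certificate.validto}".</Message>
      </Client>
      <Server>
        <TimeSpan>
          <Days>0</Days>
        </TimeSpan>
        <Message>A server certificate with subject '{internal.certificate.subject}' expires '{internal.certificate.validto}'.</Message>
      </Server>
    </CertificateExpiration>
    <Message>
      <Default nip_admin_editable="true" nip_admin_type="textarea" nip_admin_name="Standardmeddelande">Your user profile or token/certificate has been updated.</Default>
    </Message>
  </NotifyUser>
  <Server>
    <Search>
      <Condition>
        <Key>srv_name</Key>
        <Operator>LIKE</Operator>
        <Value>DIRECTIVE%</Value>
        <Separator />
      </Condition>
    </Search>
  </Server>
  <Office>
    <MergeListToDelegation>true</MergeListToDelegation>
    <MergeListToUserRestriction>true</MergeListToUserRestriction>
  </Office>
  <CertificateApprovements>
    <Approvement />
  </CertificateApprovements>
  <EndEntity>
    <Search>
      <Condition>
        <Key>end_entity_name</Key>
        <Operator>LIKE</Operator>
        <Value>%DIRECTIVE%</Value>
        <Separator>OR</Separator>
      </Condition>
      <Condition>
        <Key>end_entity_mail_addr</Key>
        <Operator>LIKE</Operator>
        <Value>DIRECTIVE%</Value>
        <Separator>OR</Separator>
      </Condition>
      <Condition>
        <Key>adnl_ids.adnl_id_value</Key>
        <Operator>DYNAMICLIKE</Operator>
        <Value>%DIRECTIVE%</Value>
        <Separator />
      </Condition>
    </Search>
  </EndEntity>
  <!-- HSA id formats per type: a fixed Prefix followed by a serial number built
       from AllowedChars with the given Length. The prefixes shown are sample
       values. -->
  <Hsa>
    <Id>
      <Type Id="0" Name="Default">
        <Prefix>SE0000000000-</Prefix>
        <SerialNumber>
          <AllowedChars>0123456789ABCDEF</AllowedChars>
          <Length>4</Length>
        </SerialNumber>
      </Type>
      <Type Id="1" Name="EndEntity">
        <Prefix>XXXX120000000000-</Prefix>
        <SerialNumber>
          <AllowedChars>0123456789ABCDEF</AllowedChars>
          <Length>6</Length>
        </SerialNumber>
      </Type>
    </Id>
  </Hsa>
</Organization>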
(1) Lists each task type together with its upper limit, which sets the maximum number of active tasks of that type.

Token template

To add or update this information from the GUI, go to Admin > Token template > (Select token template) > Additional info.

Example of Additional info for Token template
<?xml version="1.0" encoding="utf-8"?>
<!-- Example Additional info for a token template. -->
<TokenTemplate>
  <!-- Soft token label settings: a fixed prefix (eid) and a label attribute
       taken from the {internal.user.serialNumber} placeholder. -->
  <SoftToken>
    <TokenLabelPrefix>eid</TokenLabelPrefix>
    <TokenLabelAttribute>{internal.user.serialNumber}</TokenLabelAttribute>
  </SoftToken>
  <!-- Token manufacturer settings: Require* switches followed by the validity
       (5 years each) of the image and the signature image.
       NOTE(review): RequireRevocation is false while the other Require*
       switches are true; confirm what is revoked when it is enabled and
       whether leaving it off is intended for your deployment. -->
  <TokenManufacturer>
    <RequireImage>true</RequireImage>
    <RequireSignatureImage>true</RequireSignatureImage>
    <RequireIdentification>true</RequireIdentification>
    <RequireAppearance>true</RequireAppearance>
    <RequireRevocation>false</RequireRevocation>
    <Image>
      <Validity>
        <Years>5</Years>
      </Validity>
    </Image>
    <SignatureImage>
      <Validity>
        <Years>5</Years>
      </Validity>
    </SignatureImage>
  </TokenManufacturer>
</TokenTemplate>